Update github/codeql-action requirement to 144880b6f0c9977178ab4000985a49023783178f #3827
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Infra: Image Testing: Deploy" | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| types: ['labeled'] | |
| permissions: | |
| id-token: write | |
| contents: read | |
| pull-requests: write | |
| jobs: | |
| build: | |
| if: ${{ github.event.label.name == 'status/image_testing' }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # infered from @v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| token: ${{ github.token }} | |
| - name: get branch name | |
| id: extract_branch | |
| run: | | |
| tag='${{ github.event.pull_request.number }}' | |
| echo "tag=${tag}" >> $GITHUB_OUTPUT | |
| - name: Set up JDK | |
| uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # infered from @v4 | |
| with: | |
| java-version: '21' | |
| distribution: 'zulu' | |
| cache: 'gradle' | |
| - name: Build | |
| id: build | |
| run: | | |
| ./mvnw -B -ntp versions:set -DnewVersion=$GITHUB_SHA | |
| ./mvnw -B -V -ntp clean package -Pprod -DskipTests | |
| export VERSION=$(./mvnw -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec) | |
| echo "version=${VERSION}" >> $GITHUB_OUTPUT | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # infered from @v3 | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # infered from @v3 | |
| - name: Cache Docker layers | |
| uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # infered from @v4 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{ runner.os }}-buildx-${{ github.sha }} | |
| restore-keys: | | |
| ${{ runner.os }}-buildx- | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # infered from @v4 | |
| with: | |
| aws-region: us-east-1 | |
| role-to-assume: ${{ secrets.AWS_ROLE }} | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@9238dd443b7a5941caf19ffbe68be34d4dbd61df # infered from @v4 | |
| with: | |
| registry-type: 'public' | |
| - name: Build and push | |
| id: docker_build_and_push | |
| uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # infered from @v6 | |
| with: | |
| builder: ${{ steps.buildx.outputs.name }} | |
| context: api | |
| push: true | |
| tags: ${{ vars.ECR_REGISTRY }}/${{ github.repository }}:${{ steps.extract_branch.outputs.tag }} | |
| build-args: | | |
| JAR_FILE=build/libs/api-${{ steps.build.outputs.version }}.jar | |
| cache-from: type=local,src=/tmp/.buildx-cache | |
| cache-to: type=local,dest=/tmp/.buildx-cache | |
| - name: make comment with private deployment link | |
| uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # infered from @v4 | |
| with: | |
| issue-number: ${{ github.event.pull_request.number }} | |
| body: | | |
| Image published at ${{ vars.ECR_REGISTRY }}/${{ github.repository }}:${{ steps.extract_branch.outputs.tag }} | |
| outputs: | |
| tag: ${{ steps.extract_branch.outputs.tag }} |